Ransomware Attack on Zimbabwe's Success Microfinance Bank by Meow

Incident Date: August 28, 2024

Overview

Title: Ransomware Attack on Zimbabwe's Success Microfinance Bank by Meow

Victim: Success Microfinance Bank

Attacker: Meow

Location: Harare, Zimbabwe

First Reported: August 28, 2024

Ransomware Attack on Success Microfinance Bank by Meow Group

Success Microfinance Bank, a key financial institution in Zimbabwe, has recently been targeted by the notorious ransomware group Meow. The attack has resulted in the compromise of 20 GB of sensitive data, with the attackers demanding a ransom of $6,000 for the decryption key.

About Success Microfinance Bank

Located in Harare, Zimbabwe, Success Microfinance Bank operates as a deposit-taking microfinance institution (DTMFI). Established in 2011 as Collarhedge Finance Private Limited, the bank transitioned to its current form in 2016 after receiving approval from the Reserve Bank of Zimbabwe. The bank focuses on providing financial services to micro, small, and medium enterprises (MSMEs), offering products such as loans, savings accounts, and digital banking services. With approximately 12 employees and an annual revenue of around $7.5 million, the bank plays a crucial role in promoting financial inclusion and economic growth in Zimbabwe.

Details of the Attack

The ransomware attack orchestrated by Meow has severely impacted Success Microfinance Bank's operations. The attackers have encrypted critical data, demanding a ransom for its release. The compromised data includes sensitive information vital to the bank's operations and client services. The attack highlights the vulnerabilities in the bank's cybersecurity infrastructure, which may have been exploited through methods such as phishing emails, exploit kits, or Remote Desktop Protocol (RDP) vulnerabilities.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and financial services. Meow employs various infection methods, including phishing emails and RDP vulnerabilities, to compromise systems. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who have not paid the ransom.

Potential Penetration Methods

Meow Ransomware could have penetrated Success Microfinance Bank's systems through several vectors. Common methods include phishing emails that trick employees into downloading malicious attachments, exploiting vulnerabilities in outdated software, or leveraging weak RDP credentials. The bank's focus on digital banking and recent partnership with FinOS for core banking solutions may have introduced new vulnerabilities that were exploited by the attackers.
